Adversarial scratches: Deployable attacks to CNN classifiers. (January 2023)
- Record Type:
- Journal Article
- Title:
- Adversarial scratches: Deployable attacks to CNN classifiers. (January 2023)
- Main Title:
- Adversarial scratches: Deployable attacks to CNN classifiers
- Authors:
- Giulivi, Loris
Jere, Malhar
Rossi, Loris
Koushanfar, Farinaz
Ciocarlie, Gabriela
Hitaj, Briland
Boracchi, Giacomo
- Abstract:
- Highlights: We present Adversarial Scratches, a powerful attack to CNN classifiers. Adversarial Scratches are designed to be deployable over a target image region. We adopt Bezier Curves to reduce the dimensionality of the search space. Adversarial Scratches yield state-of-the-art performance amongst deployable attacks. We propose image filtering defenses and investigate their impact on healthy images.
Abstract: A growing body of work has shown that deep neural networks are susceptible to adversarial examples. These take the form of small perturbations applied to the model's input which lead to incorrect predictions. Unfortunately, most literature focuses on visually imperceivable perturbations to be applied to digital images that often are, by design, impossible to be deployed to physical targets. We present Adversarial Scratches: a novel L0 black-box attack, which takes the form of scratches in images, and which possesses much greater deployability than other state-of-the-art attacks. Adversarial Scratches leverage Bézier Curves to reduce the dimension of the search space and possibly constrain the attack to a specific location. We test Adversarial Scratches in several scenarios, including a publicly available API and images of traffic signs. Results show that our attack achieves higher fooling rate than other deployable state-of-the-art methods, while requiring significantly fewer queries and modifying very few pixels.
- Is Part Of:
- Pattern recognition. Volume 133(2023)
- Journal:
- Pattern recognition
- Issue:
- Volume 133(2023)
- Issue Display:
- Volume 133, Issue 2023 (2023)
- Year:
- 2023
- Volume:
- 133
- Issue:
- 2023
- Issue Sort Value:
- 2023-0133-2023-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-01
- Subjects:
- Adversarial perturbations -- Adversarial attacks -- Deep learning -- Convolutional neural networks -- Bézier curves
Pattern perception -- Periodicals
Perception des structures -- Périodiques
Patroonherkenning
006.4
- Journal URLs:
- http://www.sciencedirect.com/science/journal/00313203
http://www.sciencedirect.com/
- DOI:
- 10.1016/j.patcog.2022.108985
- Languages:
- English
- ISSNs:
- 0031-3203
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 24024.xml